Growing up in the 80s and 90s, there was always the fear that criminals would be rifling through your garbage, finding old bank statements, credit card statements, and checks. The way to protect yourself was to buy a shredder and make sure that anything of importance went through a proper shredding. I still follow this today – any credit card statement, bank statement, financial statement gets a proper 16 cut shredding before being tossed.
Secondly, there was a risk of someone looking over your shoulder to see your pin as you used an ATM. Therefore you were instructed to shield the information by putting your hand over it. Credit card skimmers began showing up so that crooks wouldn’t even need to watch you and could duplicate your cards.
Recently criminals haven’t needed to resort to dumpster diving and have become even smarter as data breaches have hit major institutions like Target, Living Social, AOL, and most recently Ebay. Crooks made off with millions of credit card numbers, names, addresses, passwords, and email addresses.
I was affected by the Target breach and took Target up on their offer for 1 year of free credit monitoring through ProtectMyID.
Two weeks ago, my wife received a notification from Mint.com (which we use to track our finances) that we had incurred an ATM fee. This was strange as we only use ATMs in our banks network. She looked at our checking account and noticed there had been two ATM withdrawals in California for $500 and $300 the day prior. There was another withdrawal for an additional $500 that day. We scrambled to try to find out where the breach had come form. It was the weekend and therefore our credit union was closed. We called our debit card issuer and cancelled both of our debit cards and called the police to fill out an identity theft police report.
We spent the rest of the weekend bracing for more withdrawals but luckily they had stopped. I called ProtectMyID and told them of the problem. My assumption was that a credit monitoring service would take over at this point. Alas, their advice was to head to the bank on Monday morning to sort it all out. People really pay for their services???
On Monday morning, we both went to our credit union and after doing some research they found that my debit card had been compromised and someone had made a duplicate card with my PIN number and withdrawn money in California. We filled out some paperwork about the fraud and within 2 days the entire amount was back in our accounts. Both the police and the bank seemed quite doubtful that they would ever find the perpetrators. Perhaps it was the work of Jose Manuel again? Apparently there has been some credit card skimmers installed in the post office kiosks and that was probably where they were able to get my information.
Protection
So what is someone to do to protect their identity as thief’s become more advanced, even resorting to hacking information from ATMs wirelessly?
There really is no fool proof way to prevent identity theft, but these are some ways to make it harder.
1) Use a password generator to make really difficult to crack passwords. I’ve used 1Password and LastPass and like the functionality of LastPass. It will store all of your passwords and create new ones for you and store those. You can unlock it with a master password.
2)Use non-sensical answers to challenge questions. Websites often ask for challenge questions, but by answering the questions with your mom’s actual maiden name makes it easy for crooks to find out this information. Use random strings as challenge questions.
3)Monitor all of your accounts constantly With the explosion of the Internet, all financial institutions have online access and apps to monitor things. You can use an aggregator like the free Mint.com to pull in all of your information at once or use individual apps.
4)Have a good storage system for credit and debit cards Keep track of which accounts are open and closed and keep your cards in a safe place. We use a spreadsheet to track dates they are opened, which accounts have been closed, and shred any credit cards no longer needed.
5)Pull your free credit reports each year. Annualcreditreport.com is a service that will give you a free credit report from all three bureaus each year. We pull one from each bureau every 4 months.
The best bet is to pay attention and be aggressive defending your identity. It’s not a matter of if you identity is stolen, but when.
Do you have any identity theft horror stories?
My identity was stolen back in Jan. I got calls from various financial institutions informing me that someone had tried opening accounts in my name/SSN. Fortunately they haven’t gone after any of my personal accounts, yet. I had to get a freeze put on my credit reports so that any attempt to open any kind of account will not work without me verifying it. I also filled out a police report, which seemed useless. In an unrelated issue someone recently made a copy of my Marriott Visa card and made a bunch of purchases at Red Lobster and KFC near my house(such a big spender!). Chase reimbursed me for all those.
Scott – wow that is scary – thanks for sharing
Your step one should be
Never use a debit card for purchases!.
I keep an ATM only card from my bank to get cash. You have to request these when you open your account, as the default option is a debit card.
Although the ATM card could be skimmed, the number is useless for online purchases. Plus if the ATM card is lost/stolen it cannot be used without the PIN. If your debit card is stolen, it can be used anywhere until you report it lost.
Consider store cards: The Target breach did not affect their store credit and debit cards. I maintain both and they offer an instant 5% discount which beats any cash back or frequent flyer point rewards. I use their debit card if I need cash back.
The only time to use a debit card is to get a checking cash advance from a teller when you need more than the ATM will allow.
“2)Use non-sensical answers to challenge questions. Websites often ask for challenge questions, but by answering the questions with your mom’s actual maiden name makes it easy for crooks to find out this information. Use random strings as challenge questions.”
This is huge. I wrote the director of security about the “challenge” questions at my online credit union. Response? Nothing. They failed to understand how my random 50 character form entry password was more secure than their “guess one of these 12 answers” questions.
It just makes me want to drop all kinds of expletives, but HOW ARE THESE PEOPLE IN SECURITY?!?
@ford – totally agree!
Some of the skimmers are pretty obvious you should look and see if looks right. Also I would run a good malware analysis program on your computer to make sure you did not accidentally download some type malware and that is where the leak came from.
This always sucks. Glad it was successfully resolved.
But I don’t use debit cards to pay for anything. It is either a credit card or cash.
In addition, I have a separate checking account that is not at the same bank as primary accounts. If I need cash I’ll take it from that account and I can always replenish it with a simple ACH transfer.
For example, this path was a great comfort to use while traveling in Italy, Austria, Spain to get cash from almost any ATM.